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Abstract 

The paper deals with time-scaling transformations of dynamical systems. Such scal- 
ing functions operate a change of coordinates on the time axis of the system trajectories 
preserving its phase portrait. Exploiting this property, a chaos encryption technique to 
transmit a binary signal through an analog channel is proposed. The scheme is based 
on a suitable time-scaling function which plays the role of a private key. The encoded 
transmitted signal is proved to resist known decryption attacks offering a secure and 
reliable communication. 

Keywords: Chaotic Encryption, Secure Communication, Chaos Synchronization, Time- 
Scaling. 

1 Introduction 

In the last decades, encryption schemes that hide messages in chaotic signals have attracted 
attention as a tool to transmit information securely. The basic principle is to conceal the 
plaintext message using a chaotic signal and to recover it at the end of the receiver by means 
of a synchronization process [Pecora & Carrol, 1990]. In literature many techniques have been 
proposed, but they can be mainly divided into three different categories: Chaotic Masking, 
Chaotic Shifting Key and Chaotic Modulation. 

Chaotic Masking has been the first encryption method introduced in chaotic communications. 
Basically, a chaotic signal (the "mask") is added to the plaintext to obtain the ciphertext. 
The synchronized receiver is able to recover the plaintext by simply subtracting the "mask" 
[Cuomo & Oppenheim, 1993]. 
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In Chaotic Modulation a chaotic signal is modulated by the plaintext and the receiver recov- 
ers it through an "inversion" process that obviously depends on the modulation technique 
[Kolumban et ai, 1998]. 

In a wide sense, Chaotic Shifting Key (CSK) can also be seen as a special case of Chaotic 
Modulation. It allows the transmission of a binary signal by switching the parameters of two 
different chaotic systems. The receiver determines the bit value according to the success or 
failure of its synchronization attempt. Many cryptanalysis tools have been developed in order 
to evaluate the security of these schemes and it has been shown that the realization of secure 
communications based on chaotic encryption is still a quite difficult and challenging task [Li 
et ai, 2006]. 

In this paper we study classes of dynamical systems characterized by having the same phase 
diagram, but a different time response. This property reveals to be a useful countermeasure 
against known powerful decryption attacks (such as return map attacks). This suggests the 
possibility to effectively employ this kind of systems in chaotic communications. However, 
analysis of chaotic and, generally, nonlinear systems is quite complex to perform. This is the 
reason why an accurate cryptanalysis of communication schemes based on chaos encryption is 
difficult to realize and most employed tools are usually numerical simulations. Nevertheless, 
this work provides some theoretical results as a support to guarantee security of the system. 
The paper is organized as follows. In Section [2] the theoretical framework is described and 
developed; in Section [3] we propose a CSK scheme for secure communications exploiting time 
scaling functions; Section H] is devoted to some qualitative cryptanalytical considerations and, 
finally, we provide some simulation results in Section [5j 



2 Time Scaled Systems 

Let us consider an autonomous dynamical system described by the differential equation 

^-x = f(x) ier,/:r^ 5T. (1) 

We introduce a modified ( "time-scaled" ) system 

jz = f{z)X(z, t) 2 6r,A: (9? n x 3?) -> ». (2) 

where A is called "time scaling function" . The effect of multiplying all the components of the 
function / by the same scalar function is just to modify the time scale of the original system 
[Sampei & Furuta, 1978]. The adoption of time scale functions is a quite common analysis tool 
in robotics and chemical applications because it gives some advantages in designing feedback 
linearizing controllers [Sampei & Furuta, 1978], [Respondek et ai, 2003] and, under some 
non-restrictive conditions, it does not change the stability properties of the system [Sampei 
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& Furuta, 1978]. However, in this work we are also interested into the fact that time scaling 
tranformations preserve most topological and geometrical properties of the phase diagram. 
For the sake of generality and completeness, we begin considering a time scale transformation 
depending both on time t and the state z. We report and prove some theoretical results which 
will be helpful for our purposes trying also to give an extensive overview. 

Proposition 2.1 (Existence of the time scaled solution). Let us consider systems (QJ) and 
(dj). If there exists a solution <p x (t,xo) of (T7J) with initial condition x(0) = x$ and if A(-, •) is 
"regular enough", then there exists a scalar function r(t) such that <ft x (T(t),xo) is a solution 
for |D) with the same initial value Xq. 

Proof. By hypothesis, the initial value problem 

dz 

Tr = /W (3) 

z(0) = X 

admits a solution z(r) = 4> x (t,x ). Consider now 

W^M'O ,4, 

r(t ) = t . 

If \(z(r),t) is "regular enough", there exists a solution <fi T (t,t ,T ). Let r(t) := T (t,O,O), we 
can define 

<f) z (t,x ) := (f) x (r(t),x ). (5) 
By inspection, (fi z (t,x ) is a trajectory of ([2]) with t = and z(t ) = x . □ 

We remark that the "regularity" required on the time scale function A is needed only 
to solve the Cauchy Problem (TJJ. Actually, it could be sufficient to assume that A is a 
piecewise locally Lipschitz function which definitely is not a restrective condition. However, 
if A satisfies some additional properties, some more strict relations beetween the original and 
the "modified" system can be proved. 

Proposition 2.2. Under the conditions of Proposition [Ol and assuming that 3 /, L e 3? such 
that <l < X(z,t) < L, the phase diagrams of the two systems are identical. 

Proof. The proof is straightforward. Since < / < 4^ < L, we can immediately conclude that 
r(t) is continuous, increasing monotonic and therefore invertible on 3?. This means that every 
trajectory {cj) x (t, Xq) \t G 3?} is completely mapped into the trajectory {(f) z (t,Xo)\t G □ 
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The previous proposition estabilishes a strong bond beetween the two systems. In fact, 
even though time responses can be very different, trajectories, attractors and stability prop- 
erties of the two systems are exactly the same [Sampei & Furuta, 1978]. It is important to 
remark this holds for any kind of attractors, including strange attractors. Such a property 
will be exploited in the next section to derive a secure communication scheme. 

Proposition 2.3. Let v be a unitary vector in 3? n . Define y(t) = v T x(t). Given two time 
instants t% < t 2 , assume that {t G [ti,t2}\y{t) = 0} is a discrete set. Consider also a time 
scale function 

Aq if [y T z/h\ is even 
Ai if \y T z/h\ is odd 

where the symbol |_-J denotes the floor function. Assume also that 



\{ z ) ■.= \ 7° 7 » (6) 



Then, under the conditions of Proposition \2.S\ 

lim (j) z (t 2 - t u x x ) = <fr x (t 2 - t x , si). (8) 

Proof. The function A "slices" 3?" by means of hyperplanes orthogonal to the vector v. In 
every "slice" (whose width is equal to h) the time scale is modified through a constant gain 
which is, alternatively, A or A x . Figure [1] schematically depicts this situation. With no loss 
of generality, we can assume Aq < Ai. Since the harmonic mean ([7]) of the two values is one, 
we have Ao < 1 < Ai. So, the time scaled system "moves" slower than the original one in 
those regions where X(z) = A and faster where X(z) = A±. However, if those regions are 
narrow enough (that means h "small" enough), the trajectory arc x(ti)x(t2) is covered in the 
same amount of time by both the original and the scaled system. □ 



3 Application to Chaos Encryption 

In this section we will show how two time-scaled chaotic systems can be employed to send 
a binary signal in an encrypted manner. In particular, we will use two time-scaled chaotic 
systems in a chaotic shifting key (CSK) scheme showing how some security issues can be 
solved. 

In a basic CSK scheme, the plaintext is encoded as a sequence of chaotic signals produced 
by one of two different chaotic systems according to the bit value. The receiver decodes the 
ciphertext through a simple on-off synchronization process. Consider the following system 
used as the sender 

x = f(x,s,0(m)) (9) 
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Figure 1: Geometrical interpretation of Proposition [2731 



where s is a scalar component of the state x and 8(m) is a vector of parameters modulated 
by a binary plain signal m(t) 

v I do if vn = . . 

I d\ if m = 1. 

Both #o and #i must have been suitably chosen to generate a chaotic regime in (J9j). To transmit 
m(t), the signal s(t) is sent out in order to cause synchronization to the receiver 

i = /(z,sA). (11) 

If synchronization is achieved the bit is revealed to be 1, while, if there is no synchronization, 
the bit is concluded to be 0. The security of the system is based on the fact that an intruder 
would observe only the "apparently meaningless" chaotic signal s(t) and should not be able 
to achieve synchronization without an accurate knowledge of the parameters #o and 6\ which 
play the role of a private key. Nevertheless, this basic scheme has been proved to be very 
vulnerable to Return Map attacks [Li et at, 2006]. In fact, assuming that Xi and are the 
i — th minima and maxima, respectively, of s, we define the following variables A{ := Xi + Xi 
and Bi := Xi — X{. The plot of Bi as a function of Aj is called Return Map (RM) of the 
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signal s. The RM is topologically equivalent to the peak to peak dynamics plot described 
in [Candaten & Rinaldi, 2000]. An intruder, observing the encrypted signal s(t), can easily 
reconstruct the RM with no knowledge of the parameters 9$ or 9\. In fact, if the two RMs 
of system (jHJ) when 9 = 9 and when 9 — 9\ are "well distinguishable", it is possible to 
unmask the concealed bit simply checking which map the transmitter is currently tuned on. 
An example of a RM reconstruction is reported in Figure [2j In this case the obtained RM 
shows two evident branches, one is associated to 9q and the other one to 9\ . The intruder, 
by simply checking what branch the transmitted signal is currently associated, can easily 
recover the plaintext sampled at every peak. Of course, the presence of channel noise would 

50 1 1 1 1 1 1 1 
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Figure 2: Two different values of the parameter 9 in a CSK scheme can produce two distin- 
guishable return maps. 

disturb the attacker because he would obtain blurred maps. At the same time, we have 
to consider that noise would produce negative consequences on the receiver synchronization 
process, too. Many countermeasures have been considered in order to resist RM attacks (such 
as [Bu & Wang, 2004], [Palaniyandi & Lakshmanan, 2001]), and many of them have been 
broken, as well [Li et ai, 2006]. In [Xu & Chee, 2004] a very interesting approach has been 
proposed where the parameter 9 still switches according to the plain-text bit value, but some 
more additional random switches are introduced to confuse a possible intruder. In this case, 
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the switching policy (jTOj) is extended to the following form 

6 = 6(x,m) (12) 

The additional pseudo-random switches occur according to one or more state variables (that 
are not transmitted), such that they do not disturb the receiver when it is in a synchronized 
condition. Conversely, this is novelty of the idea, an attacker trying to reconstruct the RM 
will be frustrated by the presence of many switches s/he is not able to predict because they 
are intrinsically related to the knowledge of the system structure. However, it is our opinion 
that the pseudo-random switch approach, in its general form described in [Xu & Chee, 2004], 
is still structurally vulnerable to RM attacks, if some precautions are not taken. Moreover, 
there are no theoretical results to guarantee that the reconstructed RM can not actually be 
exploited by an attacker. 



3.1 Time Scale CSK scheme 

The Time Scale CSK (TS-CSK) communication scheme we propose is partially inspired by 
[Xu &; Chee, 2004], but it adopts time scaling functions to prevent the system to be broken 
by standard return map attacks. The transmitter and receiver have the following structure 

x = f(x,s)X(x,m) ^ 
z = f(z,s)X(z, 1) 

where s is one of the state components which is being transmitted and X(x,m) is the strictly 
positive time scaling function 

A m if \y T z/h\ is even 

Ax_ m if \y T z/h\ is odd 

such that Ao, Ai, v and h are fixed parameters chosen to meet condition of Proposition 12.31 
which play .the role of the encryption key. In this case, the function A defines a time-scale 
analogous to the time-scale described in Proposition 12.31 where the transmitted bit m simply 
inverts the roles of A and K\. This choice of A is very demonstrative and it is motivated 
by its simplicity and by the theoretical results proved in the previous section. This peculiar 
structure allows to carry out some qualitative crypt analytical considerations. Of course, a 
more sophisticated choice could bring to better results in terms of security, synchronization 
time and practical realization. 



, . . \i v m ii I u & lb io even . . 

X(x,m) = { A m , £ J" t , n \ ■ - - f ( 14 ) 



4 TS-CSK Cryptanalysis 

In this section we will analyze how the proposed TS-CSK communication scheme can resist 
most common decryption attacks. This study does not intend to be an exhaustive cryptanal- 



7 



ysis since this can only be be accomplished describing the exact typology of attacks (known 
plaintext, known ciphertext, etc.). It is our aim to report only some qualitative considera- 
tions supported, when possible, by theoretical results. 

4.1 Return Map attack 

The communication system (Tl3|) is intrinsecally robust against a return map attack. In fact, 
from Proposition 12.21 it is obvious that, under practically non-restrictive conditions on / and 
A, neither the modulation m nor the pseudo-random switches modify the phase portrait of 
the original non-timed scaled system 

x = f(x,s). (15) 

Therefore, the RMs of the TS-CSK scheme ffl3|) and system ffl5l) are exactly the same regard- 
less of the transmitted bit m(t). 

4.2 Return Time Map attack 

Assuming that X, is the i — th local maximum of s(t) and ti is the relative time instant when 
it occurs, we define the Return Time Map (RTM) as the plot of U + i — ti versus Xj. With no 
conceptual differences, the RTM could have been defined using the minima of s(t) (or both 
minima and maxima) [Candaten & Rinaldi, 2000]. The effect of the function A is to "speed 
up" the system when A > 1 and to "slow down" it when A < 1. It is intuitive that a wrong 
choice of the function A could lead to a breakable system using a RTM attack [Candaten 
& Rinaldi, 2000]. 

By Proposition [23] it is immediate to conclude that if the number of time scaling switches is 
"dense" enough (with a proper choice of A), then the RTM plot is not "significantly" modified 
by the time scaling. Of course, this is just a theoretical consideration, since the choice of a too 
small value for h would negate the possibility of a physical realization of such communication 
devices. However, Proposition 12.31 confirms the intuition suggesting small values for h in order 
to increase the security of the system. 

4.3 Switch detection 

In a CSK scheme, an intruder eavesdropping the communication could detect the changes of 
bit values by simply detecting discontinuities in the first derivative of the encoded signal s(t). 
This is the reason why the adoption of a continuous function A is deprecated. In fact, it would 
not create discontinuous false-switches analogous to the informative bit switches in order to 
confuse the intruder [Xu & Chee, 2004]. If false-switches are frequent enough in time and do 
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not depend on the drive signal it will be difficult to distinguish which ones will be informative. 
Again, the choice of small values for h seems to lead to increased security. 



4.4 Brute Force attack 

In a security analysis, it must be assumed that the intruder knows everything about the 
communication system structure, encryption method, physical characteristics (channel noise 
power spectrum etc..) but the encryption key. Nevertheless, the encryption key can be 
guessed, so it is important the key space is large enough in order to make such a guess the 
most difficult it is possible. A common problem in chaos communication is the fact that 
physical systems show a chaotic behaviour only in a very restricted range of their parameters 
limiting the choice of the key. The proposed approach, in its general form (lT3i) . overcomes 
this problem since there is no particular restriction on the function A once it is assumed it is 
discontinuous and strictly positive. 



5 Example 

The communication system Pseudo Random Switch CSK (PRS-CSK) described in [Xu & Chee, 
2004] exploits the well-known synchronization properties of two identical Lorenz models 
[Pecora & Carrol, 1990] 

Xi = o(x 2 - Xi) 

x 2 = {f3 - x 3 )x 1 - x 2 

x 3 = Xl x 2 - px 3 (16) 



Xx 



where 



x,m) 



Zi = a(z 2 - zx) 

z 2 = (A) - z 3 )s - z 2 

z 3 = z 2 s - pz 3 

[a, j3{m), p(x)]. The parameter /3 is modulated the plain-text signal m{t) 



/3(m) 





1 



(17) 



while the parameter p generates the false switching events 

bx if ax < x 2 < a 2 

b 2 if a 3 < x 2 < a 4 

p = p(x) = { b 3 if a 5 < x 2 < a 6 

6 4 if a 7 < x 2 < a 8 

65 otherwise 



;is) 



9 



In [Xu & Chee, 2004] the numerical choice of the variables was 



a = 10 
Po = 60.5 
fix = 60 

a= [0,5,31,32,23,28,10,16] 
b = [10/3,8/3,2/3,5/3,2]. 



(19) 



The transmission of 100 alternate bits (worst case scenario for the attacker) (as in [Xu & Chee, 
2004]) has been simulated assuming the absence of channel noise using a standard ODE45 
integration method with a relative tolerance of le — 12 in order to obtain a low numerical 
noise. The result of the RM reconstructed by an eventual attacker is depicted in Figure [3J As 
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Figure 3: The Return Map of the PRS-CSK scheme (flBj) . assuming no noise acting on che 
channel, still presents two distinct branches even adopting the pseudo-random switching CSK. 



it is shown, in the RM two branches are still distinguishible even though they are defmetely 
close. However, the close distance of the two branches is mainly related to the fact that the 
two values (3q and j3± are pretty similar. In a practical situation, the two branches would be 
very likely undistinguishable because of channel noise, but, as we have previously stressed, the 
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presence of noise may disturb the receiver synchronization as well. A theoretical guarantee 
that a RM attack is really ineffective would be desirable from the security point of view. 
As a comparison, we employ the same Lorenz model in a TS-CSK communication scheme 

x\ = [cr(x 2 — x\)\\(x, m) 

%2 = [(/? - x 3 )xi - x 2 ]X(x, m) 

x 3 = [xix 2 - px 3 ]X(x, m) 

s = xt (20) 

zi = [a(z 2 - zi)]A(z, 1) 
Z2 = [((3 - z 3 )s - z 2 ]X(z, 1) 
z 3 = [z 2 s - pz 3 }X(z, 1) 

with a — 10, /3 — 60, p = 2 and using X(x, m) in (fl4l) with the private encryption/decryption 
key 

v= [0,1, 0] T 
h = 2 
A = 15/16 
Ai = 15/14. 

Figure H] shows the Lorenz attractor projected on the plane X\-x 2 along with the time-scale 
policy. Given the bit m to be transmitted, in the white stripes the system evolves with the 
time-scale factor A m while in the gray ones the time-scale factor Ai_ m is used. System ( f20l) 
has been simulated with the transmission of 100 alternate bits (ODE45 solver with relative 
precision equal to le — 12). The corresponding RM and RTM obtained by an eventual intruder 
are reported in Figures [5] and El respectively. Return Map Attack is completely countered 
since the RM of the the sender dynamics does not change according to the bit value. Moreover, 
a RTM based attack does not seem to be so effective because the map is sparse enough not 
to reveal the presence of distinct branches (we are implicitly assuming that the integration 
error in the simulation procedure can be safely neglected). In order to show that the proposed 
scheme can provide a secure and reliable communication, Figure [7] depicts the simulation 
results of the decryption phase at the receiver. Ten alternate bits have been encoded and the 
right synchronizations/desynchronizations occur very promptly. 

6 Conclusion 

An encryption scheme to send digital data through an analog channel has been introduced 
by exploiting a class of time scaling functions. It has been proved that such a scheme is 
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Figure 4: Projection of the Lorenz attractor on the plane Xi-x 2 for the TS-CSK scheme. 

intrinsecally secure against simple return map attacks. Some theoretical results show that 
return time map attacks should not be so effective, too, if the choice of the time-scaling func- 
tion satisfies some requirements. Switch detection beetween bits in the plaintext is also made 
difficult by using a pseudo-random false-switching technique. Simulations show effectiveness 
of the proposed communication scheme with respect to known decryption attacks. 
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Figure 6: TS-CSK: Return Time attack originates a sparse map which makes it difficult to 
crack the system. 
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Figure 7: TS-CSK: Transmission of ten alternate bits, the ciphertext and the relative syn- 
chronization error at the receiver end. 
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